Wireshark

Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it it still under active development.

Wireshark has a rich feature set which includes the following:

• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
• Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting
• The most powerful display filters in the industry
• VoIP analysis
• Live capture and offline analysis are supported
• Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others
• Capture files compressed with gzip can be decompressed on the fly
• Hundreds of protocols are supported, with more being added all the time
• Coloring rules can be applied to the packet list, which eases analysis

• The Windows installers now ship with Qt 5.9.5. Previously they shipped with Qt 5.9.4.
• Bug Fixes
  • wnpa-sec-2018-25
  • The LDSS dissector could crash. (Bug 14615)
  • wnpa-sec-2018-26
  • The IEEE 1905.1a dissector could crash. (Bug 14647)
  • wnpa-sec-2018-27
  • The RTCP dissector could crash. (Bug 14673)
  • wnpa-sec-2018-28
  • Multiple dissectors could consume excessive memory. (Bug 14678)
  • wnpa-sec-2018-29
  • The DNS dissector could crash. (Bug 14681)
  • wnpa-sec-2018-30
  • The GSM A DTAP dissector could crash. (Bug 14688)
  • wnpa-sec-2018-31
  • The Q.931 dissector could crash. (Bug 14689)
  • wnpa-sec-2018-32
  • The IEEE 802.11 dissector could crash. (Bug 14686)
  • wnpa-sec-2018-33
  • Multiple dissectors could crash. (Bug 14703)
  • Qt GUI does not snap to exactly half of screen in Windows. (Bug 13516)
  • Segmentation fault when switching profiles. (Bug 14316)
  • QUIC dissector produces incorrect packet numbers (wrong-endian). (Bug 14462)
  • Wrong default file format chosen in when saving a capture with comments added if the original format doesn’t support comments. (Bug 14601)
  • Lua: Error during loading [AppData directory]:1: bad argument #1 to dofile (dofile: file does not exist). (Bug 14619)
  • Crash when selecting text. (Bug 14620)
  • ui/macosx directory missing from source release tarball. (Bug 14627)
  • Wireshark 2.9.0 snapshot crashes/segfaults on Windows when launched with -k or -i. (Bug 14632)
  • "Copy as printable text" isn’t copying non-alphanumeric characters. (Bug 14633)
  • File missing from release tarball. (Bug 14634)
  • NEWS is out of date and does not display properly in Notepad. (Bug 14636)
  • l16mono.so is installed in the wrong place. (Bug 14638)
  • Remove: HACK to support UHD’s weird header offset on data packets. (Bug 14641)
  • WinSparkle 0.5.6 is out of date and is buggy. (Bug 14642)
  • Unable to create or open VOIP captures. (Bug 14648)
  • RTMPT: incorrect dissection of multiple RTMP packets within a single TCP packet. (Bug 14650)
  • Endpoints dialog displays invalid GeoIP information due to incorrect byte order. (Bug 14656)
  • Qt: Crash in ShowPacketBytesDialog(). (Bug 14658)
  • Statistics → Resolved addresses show IP addresses without domain. (Bug 14667)
  • Erroneous MAC-LTE Dissection for Sidelink Shared Channel Packets. (Bug 14669)
  • Files missing from docbook CMake file. (Bug 14676)
  • Wireshark hangs when opening certain files if it’s been configured to use the new GeoIP databases. (Bug 14701)
• The "Open", "Save", and other file dialogs should now be shown at the correct size on HiDPI Windows systems.